Blog

UK government names Linux the most secure platform

This may not seem directly relavent to AIX, however what it does show is that a correctly configured Unix/Linux system is clearly far more secure than Windows and this is highly significant when choosing your corporate infrastructure.

AIX currently lags behind Linux in one major security area and that is the lack of support for iptables. Iptables is a rule-based firewall built directly into the Linux Kernel. AIX does have ipfilt, however this is currently nowhere near as widely supported nor understood.

One other AIX/Linux feature that is definitely not given enough attention is IPSec. IPSec can be used to create a secure private network/tunnel between servers, and because everything is encapsulated at pack level (layer-2), you do not need to worry about complex firewall rulesets. AIX IPSec performance can also be greatly enhanced by offloading the encryption overhead to the actual network hardware/card.

Blog

The importance of BIOS Updates

I regularly answer questions on it.toolbox and also find it an invaluable source of information. Yesterday somebody was complaining that they could not see the NPIV virtual adapters in AIX, and this reminded me of a similar problem I had recently with a new Ethernet card in a p710+

When the machine was delivered from IBM it came with almost the latest system BIOS but the required level of HMC/VIOS was not yet available so I had to go through an unbelievable route of downloading endless versions of VIOS and HMC, and then had to patch them in a particular order before everything would play nicely together. That eventually meant that I could do anything I wanted with the system and cards at the hardware level, but once I tried to configure my highly available SEA in VIOS, things quickly went pear-shaped.

After a lot more research I download the latest BIOS/firmware for the actual card and manually added it to my VIOS, et-voila the card was correctly recognised and worked as expected. I then tried to build a NIM server to push out my OS images, and the same problem re-occurred. Again the only way to see the card was to patch AIX to the very latest tech-level, and then to apply the firmware update again.

Finally everything worked as expected!

The thing I wanted to stress is that you must keep your BIOS an Tech-Levels up to date, otherwise when you try to install new hardware it may not work at all.

Blog

Using Pstree command

This is not the newest or most powerful command in AIX, and I know it won’t be news to many people, however I do believe its power and simplicity are overlooked and it can be a great way to visualise how services such as the SRC (System Resource Controller) damon actually work.

You can clearly see each of the active subsystems ans child processes such as shell or Java, and this can be very useful when trying to diagnose system performance issues. You can also extend this functionality by installing the pstree RPM:

7. By default each entry logs all messages at and ABOVE the level described e.g. “*.debug” will log every single system message to this file. To restrict logging only to that level use the “.none” keyword. e.g. “*.debug;local0.none;local7.none”.

Note: If you want to specify multiple logging levels use the “;” to separate them.

8. By default the syslog daemon accepts messages from other systems. If you wish to override this behaviour start syslogd with the “-r” option.

Recent blogs

IBM quietly added a firewall capability (known as ipfilters) to AIX 6.1, however they did not do a particularly good... Read more

References

Vesting Finance

Vesting Finance runs 6 systems which need to be in sync and up to date. SystemScan AIX helps our support team to regularly scan and check our systems for consistency and to reduce maintenance time and cost.

Prevention is better than cure.

- Wesley Goedegebuure, teamleader ICT

Yamaha Motor Europe

SystemScan AIX helped us to quickly and easily scan our system configuration. Understanding our environment allowed us to manage it better to identify problems and potential knowledge gaps.

Yamaha Motor Europe has a complex mission critical clustered system which makes it vital for us to maximise efficiency and minimise downtime.

- Kees Trommel, IT manager

About SystemScan AIX

Consists of a single RPM that can be installed on AIX 5.3, 6.1, or 7.1. It also has separate modules for HMC/IVM, and VIOS, that can be run from cron and silently produce system configuration reports that can then be transferred to another server for analysis.